Foxit Reader, a well-known PDF viewer, has been updated to fix multiple use-after-free security flaws that could be used to execute arbitrary code.
The feature-rich PDF reader offers users a wide range of functionality, including support for multimedia documents and dynamic forms via JavaScript support, which also increases the attack surface of the application. Four flaws in the JavaScript engine of Foxit Reader that could lead to arbitrary code execution have been disclosed this week by Cisco’s Talos security researchers.
With a CVSS score of 8.8, the issues—labeled CVE-2022-32774, CVE-2022-38097, CVE-2022-37332, and CVE-2022-40129—are categorized as use-after-free vulnerabilities.
Also Read: Strategies to Choose the Right Cybersecurity Risk Framework
Read More:Foxit Patches Several Code Execution Vulnerabilities in PDF Reader
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.